How the Google Play App Security Improvement Program is helping devs keep apps safe

The past year has been one where Google’s really started moving security to the forefront of the Android experience. Between the rise of fingerprint scanners on Android devices (and corresponding API support), the publication of high-profile exploits like Stagefright, and the company’s move to deliver monthly security updates for its Nexus lineup, Google’s been tackling the issue of device and data security from all angles. Those efforts extend to keeping apps safe, and Google’s long taken steps to make sure that not only are Play Store apps as trustworthy as can be, but that risks from non-Play-Store app installs can be mitigated whenever possible. This week Google’s taking the time to talk a little about one of the ways it helps developers avoid security missteps, with the Google Play App Security Improvement Program.

Rather than just looking at apps submitted to Google Play for outright malicious code, the GPASIP analyzes apps both at the time of initial submission and periodically throughout their Play Store lifespans, and is able to spot vulnerabilities a dev may not even have been aware of.

For example, if an app is developed using tools or a framework that have since been identified as containing potential security flaws, GPASIP can identify their presence and alert devs that they may want to update their toolset or look for alternatives. In serious cases, Google can stop devs from delivering other app updates until they resolve outstanding security issues.

End users won’t see any of this behind-the-scenes action; instead, we learn about security fixes when we get our app-update notifications. We’re glad to know it’s happening, all the same.

Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits